agnes-the-ai-analyst

924 commits 1 branch 0 tags 13 MiB

Author	SHA1	Message	Date
ZdenekSrotyr	8b5b0f8ef5	fix(web): render <strong> in /me/activity hero subtitle instead of escaping it (#312 ) The subtitle was built by ~-concatenating a Markup operand (user.email \| e) with HTML string literals. Under autoescaping, Jinja2's markup_join escapes every non-Markup part once it hits a Markup operand — so the literal <strong> tags became <strong> and the page showed literal "<strong>...</strong>" text around the email. The \| safe in _page_hero.html was too late to undo it. Switch to {% set %}...{% endset %} block capture: the literal <strong> stays HTML while {{ user.email }} is still autoescaped. Regression test asserts the tags render and a hostile email stays escaped.	2026-05-14 22:27:34 +02:00
ZdenekSrotyr	d55c8a3c33	feat(web): consolidate the personal /me/* surface — /me/activity + /me/profile (#304 ) Consolidates the scattered per-analyst pages into /me/activity (usage analytics) and /me/profile (account hub). /me/stats and /profile/sessions 301-redirect; /profile, /me/debug, /tokens are removed with every internal link repointed. Includes an XSS fix in the /me/activity page hero, the user_id-keyed session-lookup alignment, and the v0.54.15 release cut. Co-developed by @ZdenekSrotyr and @cvrysanek.	2026-05-14 21:29:51 +02:00

Author

SHA1

Message

Date

ZdenekSrotyr

8b5b0f8ef5

fix(web): render <strong> in /me/activity hero subtitle instead of escaping it (#312 )

The subtitle was built by ~-concatenating a Markup operand
(user.email | e) with HTML string literals. Under autoescaping,
Jinja2's markup_join escapes every non-Markup part once it hits a
Markup operand — so the literal <strong> tags became &lt;strong&gt;
and the page showed literal "<strong>...</strong>" text around the
email. The | safe in _page_hero.html was too late to undo it.

Switch to {% set %}...{% endset %} block capture: the literal
<strong> stays HTML while {{ user.email }} is still autoescaped.
Regression test asserts the tags render and a hostile email stays
escaped.

2026-05-14 22:27:34 +02:00

ZdenekSrotyr

d55c8a3c33

feat(web): consolidate the personal /me/* surface — /me/activity + /me/profile (#304 )

Consolidates the scattered per-analyst pages into /me/activity (usage
analytics) and /me/profile (account hub). /me/stats and /profile/sessions
301-redirect; /profile, /me/debug, /tokens are removed with every internal
link repointed. Includes an XSS fix in the /me/activity page hero, the
user_id-keyed session-lookup alignment, and the v0.54.15 release cut.

Co-developed by @ZdenekSrotyr and @cvrysanek.

2026-05-14 21:29:51 +02:00

Renamed from app/web/templates/me_stats.html (Browse further)

2 commits